the importance of using safe interprocess communication
Ben Escoto
bescoto@stanford.edu
Sun, 10 Feb 2002 01:26:21 -0800
--==_Exmh_-939399544P
Content-Type: text/plain; charset=us-ascii
>>>>> "JH" == Jamie Heilman <jamie@audible.transient.net>
>>>>> wrote the following on Fri, 8 Feb 2002 03:46:01 -0800
JH> I don't think it is as long as /bin/sh -c behaves how you expect
JH> it to, your environment is what you think it is, etc. Using a
JH> Popen3 class would let you capture the errors from the system
JH> call, something which should always be done, *especially* when
JH> the program runs with elevated privileges. Granted it might be
JH> slower assuming popen() doesn't fork, and your shell is 'smart'
JH> enough to just exec without forking, but honestly /bin/sh -c
JH> being offered variable arguments, untainted or not, just gives
JH> me a bad feeling; I'd rather just use something that I know
JH> doesn't ever muck with my command.
I know what you mean, but I'm hesitant to use any undocumented
features of python. Would your mind be any more at ease if we put the
parameters into the environment, as in:
os.environ['foo'] = filename
os.popen('rdiff signature $foo')?
That is the way shell script writers often do it I think.
About your earlier example, it contains the lines:
for i in range(3, MAXFD):
try:
os.close(i)
except:
pass
What does this do and why? Thanks.
--
Ben Escoto
--==_Exmh_-939399544P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001
iD8DBQE8Zjy8+owuOvknOnURAvA+AJ9lCWnwQnXMcFjXSzymHitTF54CZwCfS7Gc
lvnjB6aEnxakpdI6kPSHzcU=
=zJnG
-----END PGP SIGNATURE-----
--==_Exmh_-939399544P--